Question Need help with network setup to connect to VPN server

Martin1994

Aug 21, 2014
Hi,

So I've been instructed to connect to a VPN server that a colleague has set up. He gave me an IP and port and which protocol to use (UDP) that I should open as an outbound connection in the firewall. The idea is that a Linux controller and a PC are communicating with each other in a private network, and then they should have access to the Linux controller from their network. My network layout can be seen in the picture at the end.

So I've already configured the outbound connection in our "Hirschmann Eagle" firewall, this firewall is also used by other computers so there are a couple other rules there that are allowed outbound, and the rest is set to drop all packets. Inbound is set to drop all packets as well.

I'm able to ping the internal IP of the firewall, but can't ping the IP:port that my colleague had specified, so now I wonder what could be the issue here. One thing I wonder is if I should put the external IP of the firewall as the default gateway for the Linux controller?

Thanks, and if you need any more information I'm happy to describe more.
JkYrEMH.png
 
For a VPN client, if you just want to use it from one PC you won't have to mess with anything outside the client. You will need a whole lot more information about the VPN than IP, port, and protocol. If it's OpenVPN they might be able to give you a conf file.

It's very common to stealth ports and turn ping off on private servers. The only way to know is using the client and making a connection.
 

Martin1994

Aug 21, 2014
> For a VPN client, if you just want to use it from one PC you won't have to mess with anything outside the client. You will need a whole lot more information about the VPN than IP, port, and protocol. If it's OpenVPN they might be able to give you a conf file.
>
> It's very common to stealth ports and turn ping off on private servers. The only way to know is using the client and making a connection.

Thanks! I forgot to mention that the OpenVPN client is already set up with the config file and which IP and port to connect to. I sent the logs from OpenVPN to my colleague and will see if we can get a connection now, but it will take some time as there is a 10 hour time zone difference between us.

I'm quite new to Linux but I've also tried using "telnet" and "nc" in addition to pinging, but haven't been able to get those to work. When I did "systemctl restart openvpn@client", I got two different statuses when trying different settings. The first one was "Initialization Sequence Completed" and the other one was "Pre-connection initialization successful"; I don't know if these two are any help. There is much more text also when using the earlier mentioned command, but there's quite a lot of information like IPs and such that I probably shouldn't be showing.
 
> Thanks! I forgot to mention that the OpenVPN client is already set up with the config file and which IP and port to connect to. I sent the logs from OpenVPN to my colleague and will see if we can get a connection now, but it will take some time as there is a 10 hour time zone difference between us.
>
> I'm quite new to Linux but I've also tried using "telnet" and "nc" in addition to pinging, but haven't been able to get those to work. When I did "systemctl restart openvpn@client", I got two different statuses when trying different settings. The first one was "Initialization Sequence Completed" and the other one was "Pre-connection initialization successful"; I don't know if these two are any help. There is much more text also when using the earlier mentioned command, but there's quite a lot of information like IPs and such that I probably shouldn't be showing.

I think it is connected if you see those lines.

The server should be adding the route when the client connects. You can type "ip route" into the terminal and check to make sure the destination CIDR is going to the VPN interface.

On their side the server must have a path for you, or you won't be able to access anything but are still connected.
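
Added example, not part of the thread: a small Python check that does what the last reply describes, parsing "ip route" output and reporting whether a destination address is routed through the VPN interface. The interface name tun0, the addresses and the sample route table are constructed assumptions, not values from this thread.

```python
import ipaddress

# Constructed sample of `ip route` output on a connected client (assumed values).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
172.16.50.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and routes without an output device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a route type keyword, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def device_for(target, routes):
    """Pick the most specific matching route (longest prefix) for target."""
    addr = ipaddress.ip_address(target)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def goes_through_vpn(target, routes, vpn_prefixes=("tun", "tap")):
    """True if target leaves via a tun/tap device (assumed VPN naming)."""
    dev = device_for(target, routes)
    return dev is not None and dev.startswith(vpn_prefixes)

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for ip in ("172.16.50.10", "192.168.1.5", "8.8.8.8"):
        print(ip, "->", device_for(ip, table), "| via VPN:", goes_through_vpn(ip, table))
```

This ignores route metrics and policy routing; on a live machine, "ip route get" followed by the address asks the kernel for the route it would actually use.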